LAPTOPS and mobile telephones supplied with the aid of Glasgow City Council were misplaced, increasing the threat of information not being deleted thoroughly.
An inner audit of the Council’s IT signs found examples of a lack of gadgets, raising issues over information protection. It has also highlighted issues over whether or not the Council is receiving fine value for money. Nine recommendations have been outlined to combat the dangers, with three marked high precedence.
Duncan Black, the Council’s Head of Audit and Inspection, said: “The failure to accurately song all ICT belongings means that the Council might not be best managing its ICT estate for you to relax value for money.
“There is likewise a threat that lost belongings aren’t recognized and investigated timeously, although the threat of any touchy or valuable information loss is mitigated in which gadgets are encrypted.” Over 10,000 gadgets, such as laptops and mobile telephones, are used throughout the Council to resource bendy working.
The review found that there are policies in place to ensure the workers realize their responsibilities regarding “facts protection,” but these can be more suitable.
It states tactics for movers or leavers are uncertain, with a team of workers not usually advising IT of any adjustments affecting sign-in accuracy. Sample checking observed an “enormous variety of errors” at the sign-in. The audit also discovered disposal strategies weren’t usually followed. This protected stock no longer requires Apple devices that have been saved in an open plan office once they must be thrown away, and any other batch of 97 gadgets that had been either lost or not disposed of efficiently.
Mr. Black stated, “The gadgets had to have been returned to the IT issuer and securely disposed of; however, the prices associated with this were deemed to be too luxurious.
“As a result, 56 of the gadgets had been either returned to the producer or disposed of by an electronics recycling business enterprise. The last 41 devices are unaccounted for and taken into consideration lost.
“There is an elevated hazard that, wherein gadgets have no longer been disposed of via the agreed channels, statistics is not deleted to expected requirements.”
Some mitigation occurs when gadgets are misplaced as Active Directory; the Council’s network authentication service is disabled once inactive for 90 days or more. However, Mr. Black’s file admits that more may be finished to trace those devices.
A list of enhancements is set out inside the audit file. These consist of ensuring there may be an up-to-date leaves and movers manner so all IT changes are contemplated in the register. It also recommends that all devices be disposed of through an agreed process and that missing objects be reported.